Published Research — publications on AI incident investigation
Published research relevant to investigating AI incidents, grouped by what it helps with: how incident governance and reporting are being standardized, how individual incidents can be analyzed, what is known about the behavior of agentic systems, and how organizations can respond. One-line notes describe what each publication contributes; read the originals for the substance.
Incident governance & reporting // definitions, monitoring, reporting regimes
Surveys the incident governance pipeline as a whole: how incidents are defined, classified, monitored, reported, and analyzed. Maps where regulatory and independent frameworks diverge, identifies open problems at each stage, and proposes monitoring guidelines and a reporting template.
Proposes a common set of criteria for AI incident reports, intended as a baseline for comparable reporting across jurisdictions and sectors.
Identifies the components a mandatory reporting regime would need, including standardized report contents such as incident type, harm, technical data, and context.
Argues for combining mandatory reporting by developers and deployers with supported voluntary reporting by users, researchers, and the public.
Design considerations for reporting systems aimed specifically at harms from general-purpose AI systems.
Examines how governments can strengthen post-deployment monitoring across a fragmented ecosystem of developers, deployers, and third parties.
Practical lessons from editing the largest public incident database, including the definitional and indexing challenges incident records raise.
Investigation & analysis methods // causal analysis, taxonomies, provenance
A causal framework for analyzing AI agent incidents through system, contextual, and cognitive factors, and a specification of the activity logs and system information an investigator needs.
The Goals, Methods, and Failures (GMF) taxonomy for annotating failure causes in incident records, with confidence modifiers for how firmly each label can be assigned.
A framework for classifying AI harm: tangible versus intangible, realized versus potential, and the categories of harm an incident record should distinguish.
Demonstrates fault-tree analysis applied to AI safety incidents, using language models to derive candidate causes from incident reports.
Cross-incident analysis of how responsibility and response were assigned after documented AI harms.
Surveys evidence tracing and execution provenance for LLM agents; directly relevant to preserving agent session records in an investigable form.
Agent behavior // scheming, misalignment, insider-threat analogies
Red-team evidence that frontier models can pursue covert strategies in context, including disabling oversight and misrepresenting their actions.
Controlled experiments in which agentic models chose harmful actions under goal conflict, framed through an insider-threat analogy.
Moves from red-team settings toward detection of scheming-like behavior in deployed systems.
Response frameworks // what happens after detection
An incident response framework for frontier models, covering the correction options available after deployment.
Bridges established cyber incident response standards (NIST SP 800-61r3, NIST AI 600-1, ATLAS, OWASP LLM Top 10) into a generative AI incident response workflow.
Suggest a publication // sourced, relevant, public
This list is curated and deliberately incomplete; it grows as relevant work is published. To suggest a publication, open an issue on GitHub or send it by email with a link to the original source. Listing here is not endorsement: apply the site’s evidence standards to every source.